TrustToken, a Trusted SoC solution for Non-Trusted Intellectual Property (IP)s

TL;DR

TrustToken is a low-overhead, root-of-trust security solution for non-trusted IPs in heterogeneous SoCs, enabling secure communication and execution against hardware and software threats.

Contribution

It introduces a novel TrustToken architecture that provides secure key generation, trusted communication, and low resource overhead for protecting non-trusted IPs in SoCs.

Findings

TrustToken achieves low resource utilization with minimal LUT, FF, and BUFG overhead.

It effectively enforces IP authorization and secure communication in SoC environments.

The solution demonstrates low-cost, secure, and trusted execution for non-trusted IPs.

Abstract

Secure and trustworthy execution in heterogeneous SoCs is a major priority in the modern computing system. Security of SoCs mainly addresses two broad layers of trust issues: 1. Protection against hardware security threats(Side-channel, IP Privacy, Cloning, Fault Injection, and Denial of Service); and 2. Protection against malicious software attacks running on SoC processors. To resist malicious software-level attackers from gaining unauthorized access and compromising security, we propose a root of trust-based trusted execution mechanism \textbf{\textit{(named as \textbf{TrustToken}) }}. TrustToken builds a security block to provide a root of trust-based IP security: secure key generation and truly random source. \textbf{TrustToken} only allows trusted communication between the non-trusted third-party IP and the rest of the SoC world by providing essential security features, i.e., secure, isolated execution, and trusted user interaction. The proposed design achieves this by interconnecting the third-party IP interface to \textbf{TrustToken} Controller and checking IP authorization(Token) signals \texttt{`correctness'} at run-time. \textbf{TrustToken} architecture shows a very low overhead resource utilization LUT (618, 1.16 \%), FF (44, 0.04 \%), and BUFG (2 , 6.25\%) in implementation. The experiment results show that TrustToken can provide a secure, low-cost, and trusted solution for non-trusted SoC IPs.